On Sat, Feb 18, 2012, Edward Ned Harvey wrote: > > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > > us...@openssl.org] On Behalf Of anthony berglas > > > > Taking a different slant, is it possible to provide the "Entropy" using a > pass > > phrase. So a given pass phrase will always generate the same key pair. > This > > means that for simple applications no key store is required. Much like > > password based (symmetric) encryption. > > > > Any ideas as to how hard that would be to do with Open SSL? Has anyone > > else done it? > > You want at least 2048 bits of entropy. That's a very long passphrase. > Also, unless you randomly generate your passphrase in hex or binary, it's > bound to be a lot less than 2048 bits of entropy even if it's 2048 bits > long. >
It depends on the key length and the algorithm in question. For example for an 2048 bit RSA key the equivalent comparable security strength is 112 bits (see SP800-57 et al). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
